secretfinder
SecretFinder is a Python script based on LinkFinder (a Burp Suite version is also available), written to discover sensitive data such as API keys, access tokens, authorizations, JWTs, etc. in JavaScript files. It does so by using jsbeautifier for Python in combination with a fairly large regular expression.
Details
Category: Static Code Analysis
Publisher: trickest
Created Date: 6/23/2021
Container: quay.io/trickest/secretfinder:a0283cb
Source URL: https://github.com/m4ll0k/SecretFinder
Parameters
Command: -p
- Set proxy (host:port)
Command: -c
- Add cookies for authenticated JS files
Command: -H
- Set headers (Name:Value\nName:Value)
Command: -i
- Input a file
Command: -i
- Input a folder
Command: -i
- Input a URL
Command: -r
- RegEx for filtering purposes against found endpoints (e.g. ^/api/)
Command: -n
- Process a JS URL if it contains the provided string (string;string2..)
Command: -g
- Ignore a JS URL if it contains the provided string (string;string2..)
Command: -e
- Extract all JavaScript links located in a page and process them
Command: -b
- Support a Burp exported file